GRC Consultant – SC/DV Cleared (Outside IR35)

About the role

We are seeking an experienced Governance, Risk & Compliance (GRC) Consultant with active SC or DV clearance to support a defence programme. The role involves delivering security governance, risk management and compliance assurance across secure and complex environments.

Key responsibilities

• Deliver GRC support across secure government programmes.
• Conduct risk assessments, security reviews and compliance audits.
• Develop and maintain security documentation such as RMADS, SyOPs, policies, standards, risk registers and treatment plans.
• Ensure compliance with JSP 440, JSP 604, NIST, ISO 27001, CAF and Secure by Design principles.
• Work closely with accreditor, security assurance coordinators and technical teams.
• Identify, assess and manage information security risks.
• Support governance forums and security working groups.
• Provide guidance on security controls, remediation activities and audit preparation.
• Contribute to continuous improvement of security governance processes.

Required profile

• Active SC or DV clearance (essential).
• Proven GRC, Information Assurance or Cyber Security experience within MOD or UK Government environments.
• Strong understanding of UK Government security frameworks and policies.
• Experience producing and reviewing RMADS and related accreditation documentation.
• Knowledge of risk management methodologies and security assurance processes.
• Ability to communicate effectively with both technical and non‑technical stakeholders.
• Experience working in highly regulated or classified environments.

Required skills

• SC/DV clearance
• Governance, Risk & Compliance (GRC)
• Information Assurance
• Cyber Security
• UK Government security frameworks (JSP 440, JSP 604)
• ISO 27001
• NIST Cyber Security Framework
• MOD security policies
• Risk Management & Accreditation Documentation Sets (RMADS)
• Security Operating Procedures (SyOPs)
• Secure by Design principles
• Zero Trust principles
• Cloud security in defence environments
• CISSP (certification)
• CISM (certification)
• CRISC (certification)
• ISO 27001 Lead Implementer/Auditor (certification)

What we offer

• Competitive day rate (outside IR35).
• 3‑month contract with the possibility of extensions.
• On‑site placement within a defence/government environment.